It gets down to knowing the purpose the machine and identifying methods of connectivity. Does one use an optimistic approach or a pessimistic approach (open to all/open to a few). I use tcp wrappers to allow from specific IP. Greg